Head of Information Security / CISO (all identities) M/W/D

Posted on April 27, 2025 (7 days ago)

Job description

About Caspar Health

Caspar Health was founded in 2016 and is a digital clinic with a vision to provide everyone everywhere access to effective healthcare.
Our highly motivated team works daily to merge healthcare and technology to improve the healthcare system through innovation.
As Head of Information Security / CISO at Caspar, you ensure readiness for ISO 27001 and GDPR audits and maintain up-to-date cybersecurity infrastructure.

Responsibilities

Support management to develop a security-oriented environment.
Train employees and help fulfill ISMS requirements efficiently and sustainably.
Take responsibility for annual ISO 27001 audits.
Ensure optimal incident management, real-time vulnerability management, and cyber defense.
Accountability for all ISMS and cybersecurity topics.
Collaborate with leadership, tech department, legal, and quality management.
Monitor security landscape and advise system and infrastructure leaders on advanced cybersecurity solutions.
Define and track progress of security concept implementation.
Support employees with ISMS requirements in standard operating procedures.
Work closely with Tech Department (DevOps, SecOps, SysAdmin) on configuration and troubleshooting of information security infrastructure.
Ensure quick and maximum awareness of security incidents and prevention.
Promote data security as part of company culture.
Drive investigation and mitigation of security incidents.
Write reports with assessments, findings, and suggestions for improvements.

Profile

Extensive leadership experience in a similar position.
Experience as a network engineer, information security engineer, or system engineer in medium-sized companies (100-500 employees).
Proven ability to train staff at all levels and establish strong security awareness.
Deep understanding of ISMS, PCI-DSS, ISO 27001, and regulatory requirements, with experience in implementation, certification, auditor guidance, and relationship building.
Experience from regulated sectors such as healthcare, pharmaceutical, finance, or public sector.
Ability to develop and implement comprehensive security strategies aligned with business goals.
Excellent communication skills to clarify and support employees at all levels.
Strong risk management skills for effective risk evaluation and prioritization.
Knowledge of cybersecurity principles, standards, and frameworks (ISO 27001, NIST, CIS Controls).
Expertise in network, OS, and cloud security; knowledge of security systems including firewall, IDS/IPS, antivirus, EDR, URL filtering, scanning, risk assessment, and forensic tools.
Comprehensive understanding of the latest security principles and attack vectors (XSS, injection, DoS, hijacking, social engineering).
Fluency in German and English, both written and spoken.
Preferably certified in CISSP, CCSP, OSCP or similar.

What We Offer

Permanent employment contract.
Priority on individuals within the company and inclusion initiatives.
Open feedback culture for learning and growth.
Flexible working hours, remote work options, and part-time models for work-life balance.
Opportunities for ongoing professional development.
Health offerings including weekly sport activities, mental health, movement, and nutrition apps.
Fresh fruits, healthy snacks, and drinks in the office.

Diversity And Inclusion

Caspar Health strives to provide a friendly, safe, and welcoming environment for all employees regardless of gender, gender identity or expression, sexual orientation, disabilities, appearance, social background, age, or religion.
Applications are evaluated based on experience and motivation. Disclosure of additional personal information is optional.
The product CASPAR Health involves working with sensitive personal data; hence, a high commitment to data protection is required.

Privacy Notice

Please apply only via the provided application link to ensure data protection. Privacy policy is available.

About Us

Caspar Health is a digital rehabilitation clinic aiming to provide effective rehabilitation anytime, anywhere.
Medical establishments use Caspar Health to conduct therapy online during and after hospital stays, with coverage by pension insurance companies in rehabilitation, prevention, and aftercare.

Important Note

A valid work permit for Germany is required for non-EU citizens. Applications without a valid work permit and sufficient German language skills may not be considered.

How to Apply

Please apply via the provided application link on the company website.